Score:1

Syscall documentation for int80


I am learning x86 assembly and I was wondering if someone could help me understand why the documentation tells me something completely different from what I see in practice?

To invoke a system call I use the `int 80h` software interrupt. I put the arguments in the first 3 registers, `rbx`, `rcx`, `rdx`, and the number of the syscall in `rax`. And it works: the read syscall, for example, works and I can see data going into the desired location in memory. However, if I read `man syscall` it says I should put the arguments to the syscall in `rdi`, `rsi`, `rdx`, `r10`, `r8`, `r9`, in that order from 1-6, for x86_64. Doing that does not work and also seems a bit insane. I've seen a few resources online suggesting the same registers for syscall arguments. Is that just an error in the documentation?

Same question for syscall numbers. Online, people suggest looking at `/usr/include/x86_64-linux-gnu/asm/unistd_64.h`, but there the number for read is 0 and it doesn't work; using 3, as the book suggests, works. Why is that?

waltinator:
1. Books can be wrong. They may be wrong from the beginning, or may become wrong over time, as "better ways" are implemented. 2. What supported Ubuntu release are you using? 3. Write a simple C program to do the syscall; compile it with `gcc -S file.c`. Look at `file.s`. 4. Please read https://askubuntu.com/help/how-to-ask and https://askubuntu.com/help/formatting
Strelok:
1. No, that's the thing: what's in the book works. I just wanted to find a reference in the official documentation, which I did in the man pages for syscall and that `unistd_64.h` file. But that seems not logical, as the registers are not in order (r10, r8 and then r9), and it also doesn't work. So the information in the documentation does not work. 2. Kubuntu 22.04 64-bit. 3. Unfortunately I don't know how to write in C; this was supposed to be a precursor. 4. Sorry if I formatted my question incorrectly.
Score:2

Okay, I've figured it out. I will post an answer here just in case someone has a similar question while reading through Jeff Duntemann's book on Assembly.

So even though you can translate assembly for 64-bit with NASM, the specific instruction `int 080h` somehow, it seems, invokes 32-bit mode. Not sure how R registers can be used in 32-bit mode, but apparently either they can or some other mechanism interprets it as a 32-bit program. Which is why the syscall numbers are completely different (they are listed in `/usr/include/x86_64-linux-gnu/asm/unistd_32.h`). So program exit is #1 in 32-bit and #60 in 64-bit.

What should be used instead is the `syscall` instruction without any arguments. Then everything in the documentation will be correct and work. The strange naming convention going from a, b, c, d can be sort of explained: `rdi`, `rsi`, `rdx` are registers 6-5-4, so basically reverse order; register `rcx` is destroyed after a syscall (says so in the documentation, and `r11` too), so it is substituted with `r10`, and then the other R registers are used from the beginning.
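Here is the 64-bit convention from the answer above worked through in C with inline assembly, as an added example that is not from this thread or from Duntemann's book. It assumes x86-64 Linux with GCC or Clang (on any other architecture it falls back to libc's `syscall()` so the same checks still run); the names `raw_syscall6`, `int80_getpid`, `pipe_roundtrip`, `read_bad_fd` and `numbers_match_unistd_64` are my own, and the pipe message is a constructed sample. It shows that with `syscall` the numbers from `unistd_64.h` (read 0, write 1, getpid 39, exit 60) are the right ones, that errors come back as a negative errno in `rax` rather than libc's `-1`, and, for contrast, that `int 0x80` from the very same process selects the 32-bit table where getpid is 20.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#if defined(__x86_64__) && defined(__linux__)
/* 64-bit convention from man 2 syscall: number in rax, arguments in
 * rdi, rsi, rdx, r10, r8, r9; the kernel clobbers rcx and r11; the result
 * comes back in rax, with failures encoded as -errno. */
static long raw_syscall6(long nr, long a1, long a2, long a3,
                         long a4, long a5, long a6)
{
    long ret;
    register long r10 __asm__("r10") = a4;
    register long r8  __asm__("r8")  = a5;
    register long r9  __asm__("r9")  = a6;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3),
                        "r"(r10), "r"(r8), "r"(r9)
                      : "rcx", "r11", "memory");
    return ret;
}

/* The entry point the book uses: int 0x80 selects the 32-bit table
 * (asm/unistd_32.h) with arguments in ebx, ecx, edx, ... even from a 64-bit
 * process. Pointer arguments would be truncated to 32 bits, so only the
 * pointer-free getpid (number 20 in the 32-bit table) is shown here. */
static long int80_getpid(void)
{
    long ret;
    __asm__ volatile ("int $0x80" : "=a"(ret) : "a"(20L) : "memory");
    return ret;
}
#else
/* Other architectures: let libc issue the raw call with the same semantics
 * (assumed fallback so the example stays portable). */
static long raw_syscall6(long nr, long a1, long a2, long a3,
                         long a4, long a5, long a6)
{
    long ret = syscall(nr, a1, a2, a3, a4, a5, a6);
    return ret == -1 ? -errno : ret;
}
#endif

/* On x86-64 the numbers in asm/unistd_64.h are what `syscall` expects:
 * read 0, write 1, getpid 39, exit 60 (versus 3, 4, 20, 1 with int 0x80).
 * Returns 1 if they match, -1 on an architecture where this does not apply. */
static int numbers_match_unistd_64(void)
{
#if defined(__x86_64__)
    return SYS_read == 0 && SYS_write == 1 && SYS_getpid == 39 && SYS_exit == 60;
#else
    return -1;
#endif
}

/* Write a constructed message into a pipe and read it back, both through the
 * raw syscall path. Returns the number of bytes read (17 here) or -errno. */
static long pipe_roundtrip(char *out, size_t outlen)
{
    static const char msg[] = "hello via syscall";   /* constructed sample input */
    int fds[2];
    if (pipe(fds) != 0)
        return -errno;
    long w = raw_syscall6(SYS_write, fds[1], (long)msg, (long)(sizeof msg - 1), 0, 0, 0);
    long r = w < 0 ? w : raw_syscall6(SYS_read, fds[0], (long)out, (long)outlen, 0, 0, 0);
    close(fds[0]);
    close(fds[1]);
    if (r >= 0 && (size_t)r < outlen)
        out[r] = '\0';
    return r;
}

/* The raw interface reports failure as -errno in rax; libc is what turns that
 * into -1 plus errno. Reading from an invalid descriptor yields -EBADF. */
static long read_bad_fd(void)
{
    char c;
    return raw_syscall6(SYS_read, -1, (long)&c, 1, 0, 0, 0);
}

int main(void)
{
    char buf[64];
    long n = pipe_roundtrip(buf, sizeof buf);
    printf("numbers match unistd_64.h: %d\n", numbers_match_unistd_64());
    printf("pipe round trip: %ld bytes: \"%s\"\n", n, n >= 0 ? buf : "");
    printf("read(-1) -> %ld (-EBADF is %d)\n", read_bad_fd(), -EBADF);
    printf("getpid via syscall (39): %ld, via libc: %d\n",
           raw_syscall6(SYS_getpid, 0, 0, 0, 0, 0, 0), (int)getpid());
#if defined(__x86_64__) && defined(__linux__)
    printf("getpid via int 0x80 (32-bit number 20): %ld\n", int80_getpid());
#endif
    fflush(stdout);
    raw_syscall6(SYS_exit, 0, 0, 0, 0, 0, 0);   /* exit with the 64-bit number, 60 */
    return 0;
}
```

Build with `gcc -O2 -o rawsys rawsys.c` and run it; the interesting part is that both getpid calls return the same pid even though they use different numbers and different registers, which is exactly why the book's `int 80h` examples work while the `man syscall` table seemed wrong: each entry point has its own table and its own argument registers.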
